-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
# this file in the current directory . or /usr/local/etc prevents
# spfilter from using the cached 'live' copy at all.
# its safe to delete this file, spfilter.pl has all the xml embedded
# the cleartext-signature will be verified if gpgv available in path.
# - section 'preset' describes aliases for sources
# - section 'source' describes input-sources (url)
# - section 'format' describes output-formats
# changes should be done exclusively in ./spfilter-local.xml
# which # may be included with argument '-x ./spfilter-local.xml'
# the trusted local config allows to override sources, formats
# and most config-variables (not complete, work in progress)
# use html-entities for this chars: '<', '>', '&' and '"'
# XML-Viewer at http://spfilter.sourceforge.net/code/xml-view.php
# Aliases listed here will be expanded recursively
# the *_ALL variants are not meant for automated blocking
# the *_SAFE variants should be safe for most mailservers
# more aliases and sources may be added on request
# update local copy below ./cache, verify gpg-signature
# file still must be copied manually to the destination
spfilter xml-configurationhttp://spfilter.sourceforge.net/code/xml-view.php26BDCEF3984C 6100 1C0E 5813 4077 6C48 051F C28D 26BD CEF3http://pgp.mit.edu:11371/pks/lookup?search=spfilter&op=index&fingerprint=onhttp://spfilter.sourceforge.net/code/spfilter-config.xml.bz2http://mirror.bliab.com/spfilter/spfilter-config.xml.bz2http://spfilter.sourceforge.net/code/spfilter-config.xmlSBL Spamhaus Block Listhttp://spamhaus.org/sbl/sbl.spamhaus.orgmay not be redistributed with another namehttp://mirror.bliab.com/sbl/SBL.cidr.bz2http://spfilter.sourceforge.net/data/sbl/SBL.cidr.bz2http://mirror.bliab.com/sbl/SBL.cidr.bak.bz2http://spfilter.sourceforge.net/data/sbl/SBL.cidr.bak.bz2SPEWS Level 1http://spews.org/also included in relays.osirusoft.comSPEWS2http://spews.org/spews_list_level1.txt.bz2http://spews.ghost.ru/spews_list_level1.txt.bz2http://mirror.bliab.com/spews/SPEWS.cidr.bz2http://spfilter.sourceforge.net/data/spews/SPEWS.cidr.bz2http://spews.org/spews_list_level1.txtSPEWS Level 2 (include Level 1)http://spews.org/spews level 2 includes level 1, blocks faster and longerSPEWShttp://spews.org/spews_list_level2.txt.bz2http://spews.ghost.ru/spews_list_level2.txt.bz2http://mirror.bliab.com/spews/SPEWS2.cidr.bz2http://spfilter.sourceforge.net/data/spews/SPEWS2.cidr.bz2http://spews.org/spews_list_level2.txtSPEWS Level 1, Proxies Loosers Onlyhttp://spews.org/extract only parts referring to dynamic sourcesSPEWSSPEWS2(OpenProxy|Cable|Modem|S456|S586|S1255)http://spews.org/spews_list_level1.txt.bz2Known Spamsiteshttp://www.spamsites.org/spamsites.relays.osirusoft.comalso included in relays.osirusoft.comhttp://www.spamsites.org/j_ips.txtspamsites.orghttp://openrbl.org/#Easynet (Wirehub!) Permblockhttp://abuse.easynet.nl/blackholes.htmlhttp://blackholes.easynet.nl/errors.htmlblackholes.easynet.nlrsync://informatie.easynet.nl:6666/spamblock/permblockIP.txtPERMBLOCKEasynet (Wirehub!) Open Proxy Blackholehttp://abuse.easynet.nl/proxies.htmlhttp://proxies.blackholes.easynet.nl/errors.htmlproxies.blackholes.easynet.nlrsync://informatie.easynet.nl:6666/spamblock/rbldns/proxies.blackholes.easynet.nl/rbldns.proxies.blackholes.easynet.nlOpen Proxy - http://proxies.blackholes.easynet.nl/errors.htmlEasynet (Wirehub!) Dynablock Dialupshttp://abuse.easynet.nl/dynablocker.htmlhttp://dynablock.easynet.nl/errors.htmldynablock.easynet.nlrsync://informatie.easynet.nl:6666/spamblock/rbldns/dynablock.easynet.nl/rbldns.dynablock.easynet.nlDynaBlock - http://dynablock.easynet.nl/errors.htmlPDL - Pan-Am Dynamic Dialup Listhttp://www.pan-am.ca/pdl/VERBOSE variant of PDL, appends hyperlinkPDL_DIALUPhttp://www.pan-am.ca/pdl/pdl-list.txt.bz2http://spfilter.sourceforge.net/data/input/PDL.bz2PDL Dynamic Listhttp://pan-am.ca/pdl/#PDL - Pan-Am Dynamic Dialup Listhttp://www.pan-am.ca/pdl/NON-VERBOSE variant of PDLPDLPDLhttp://www.pan-am.ca/pdl/pdl-list.txt.bz2http://spfilter.sourceforge.net/data/input/PDL.bz2PDLVisi RSL - Verified Open Relayshttp://relays.visi.com/rsl.visi.comupdate daily due to dynamic natureRSL is conservative, consider adding DSBL to the sethttp://relays.visi.com/rsl-list.txt.bz2RSL Open Relayhttp://relays.visi.com/nph-l?ip=DSBL - Open Singlestage Relays, Proxies and Trojanshttp://dsbl.org/list.dsbl.orgupdate daily due to dynamic naturezone file in rbldns formatrsync://rsync.dsbl.org:873/dsbl/rbldns-list.dsbl.orgDSBL Insecure hostDSBL - Open Multihop Relayshttp://dsbl.org/multihop.dsbl.orgknow the difference between single- and multihop-relays?zone file in rbldns formatrsync://rsync.dsbl.org:873/dsbl/rbldns-multihop.dsbl.orgDSBL Multistage RelayDSBL - Unconfirmed Relay Nominationshttp://dsbl.org/unconfirmed.dsbl.orgdo not enable this entry unless you know whyzone file in rbldns formatrsync://rsync.dsbl.org:873/dsbl/rbldns-unconfirmed.dsbl.orgDSBL UnconfirmedPSBL - Passive Spam Block Listpsbl.surriel.comrsync://psbl.surriel.com/psbl/psbl.txtPSBLCBL - composite blocking list - proxies and trojanshttp://cbl.abuseat.org/cbl.abuseat.orgzone file in rbldns formatrsync://rsync.cbl.abuseat.org/cbl/list.txtCBL Proxy/TrojanPSS - replacment for socks.relays.osirusoft.comhttp://spambusters.org.arpss.spambusters.org.arno website/removal yet - please be patientzone file in rbldns formatrsync://rsync.spambusters.org.ar/pss/rbldns.txtPSS Open ProxyDistributed Realtime Blocking Listhttp://www.drbl.ofisp.org/eng/ALL listings imported - do not use for blockinghttp://mirror.bliab.com/contrib/drbl.all.bz2FIVETEN Blackholeshttp://www.five-ten-sg.com/blackhole.phpblackholes.five-ten-sg.comzone not available 2002-10-27, maybe gone.exception not handled, dont use for blockinghttp://localhost/fiveten.axfr\.exception$FIVETEN Blackholeshttp://www.five-ten-sg.com/blackhole.phpblackholes.five-ten-sg.comzone not available 2002-10-27, maybe gone.exception handled, may be used for blocking120mb ram, 319650 records, 16mb octetsFIVETENhttp://localhost/fiveten.axfrFIVETEN\.exception$FIVETEN Blackholes Spamhttp://www.five-ten-sg.com/blackhole.phpblackholes.five-ten-sg.com.exception not handled, dont use for blockingFIVETENFIVETENhttp://localhost/fiveten.axfrFiveten/Spamsource\.(spam|webform|bulk|singlestage|multistage|misc)$\.exception$FIVETEN Blackholes Dialuphttp://www.five-ten-sg.com/blackhole.phpblackholes.five-ten-sg.comFIVETENFIVETEN.exception not handled, dont use for blockinghttp://localhost/fiveten.axfrFiveten/Dialup\.dialup$\.exception$no-more-funn - dr. Jorgen Mashs DNSBLhttp://moensted.dk/spam/no-more-funn/no-more-funn.moensted.dk.exception not handled, dont use for blockinghttp://moensted.dk/spam/no-more-funn/no-more-funn.moensted.dk.txt\.exc?eption$no-more-funn - dr. Jorgen Mashs DNSbnlhttp://moensted.dk/spam/no-more-funn/no-more-funn.moensted.dkexpand exception parents, may be used for blocking206951 records, 9mb octetsNOMORENULLhttp://moensted.dk/spam/no-more-funn/no-more-funn.moensted.dk.txt\.exc?eption$Easynet (Wirehub!) Dynablock Dialupshttp://abuse.easynet.nl/dynablocker.htmlhttp://dynablock.easynet.nl/errors.htmldynablock.easynet.nlATTN: name changed to easynet.nl 2003-05-17cname host used for descriptionPlease take a look at your logfiles every day and report any false positives to abuse@abuse.easynet.nlnodialup.ip not handled here, DONT USE FOR BLOCKINGstats: 120mb ram, 375249 records, 16mb octetsrsync://informatie.easynet.nl:6666/spamblock/dynablock.txtDYNABLOCK^nodialup\.ip$Easynet (Wirehub!) Dynablock Dialupshttp://abuse.easynet.nl/dynablocker.htmlhttp://dynablock.easynet.nl/errors.htmldynablock.easynet.nlATTN: name changed to easynet.nl 2003-05-17cname host used for descriptionexpand exception parents, may be used for blockingstats: 240mb ram, 798052 records, 18mb octetsDYNABLOCKrsync://http://informatie.easynet.nl:6666/spamblock/dynablock.txtNULL^nodialup\.ip$http://www.uceprotect.netstatic list only, not available via dnshttp://www.admins.ws/download/access.gzUCEPROTECT Blacklisted - see http://www.uceprotect.net/en/Flonetwork Netblockshttp://us.mirror.menandmice.com/cgi-bin/DoDig?host=ns1.intersil.com&domain=flowgoaway.com&type=AXFRnetlist.flowgoaway.comhttp://mirror.bliab.com/contrib/flowgoaway.bz2http://spfilter.sourceforge.net/data/contrib/flowgoaway.bz2Flonetwork MainsleazePostmastergeneral Opt-Out-Spamhttp://hatcheck.org/google?pm0-no-more.compu.netmaintained source neededPostmastergeneral MainsleazeTaiwanhttp://blackholes.us/taiwan.blackholes.ushttp://blackholes.us/zones/country/taiwan.classfulhttp://mirror.bliab.com/bus/country/C_TAIWAN.bz2Hongkonghttp://blackholes.us/hongkong.blackholes.ushttp://blackholes.us/zones/country/hongkong.classfulhttp://mirror.bliab.com/bus/country/C_HONGKONG.bz2Chinahttp://blackholes.us/china.blackholes.ushttp://blackholes.us/zones/country/china.classfulhttp://mirror.bliab.com/bus/country/C_CHINA.bz2Koreahttp://blackholes.us/korea.blackholes.ushttp://blackholes.us/zones/country/korea.classfulhttp://mirror.bliab.com/bus/country/C_KOREA.bz2Korean and Chinese Country Block Combinedhttp://www.okean.com/asianspamblocks.htmlKOREAhttp://www.okean.com/sinokoreacidr.txtKOREA&CHINA Mail Rejectedhttp://www.apnic.net/apnic-bin/whois2.pl?key=blackholes.us: Above.net (Score 6490)http://blackholes.us/above.blackholes.ushttp://blackholes.us/zones/isp/above.classfulISP ABOVE.NET http://hatcheck.org/google?above.net; http://hatcheck.org/sbl?aboveblackholes.us: Affinity (Skynetweb/Valueweb)http://blackholes.us/affinity.blackholes.ushttp://blackholes.us/zones/isp/affinity.classfulISP AFFINITY http://hatcheck.org/google?affinity/skynetweb/valueweb; http://hatcheck.org/sbl?affinity; http://hatcheck.org/sbl?valuewebAT&T WorldNet (Score 77100)http://mirror.bliab.com/contrib/isp_att.bz2http://spfilter.sourceforge.net/data/contrib/isp_att.bz2ISP ATT.NET http://hatcheck.org/google?att; http://hatcheck.org/sbl?attblackholes.us: Bellsouth, Home of Eddie Marin, Steve Hardigree and othershttp://blackholes.us/bellsouth.blackholes.ushttp://blackholes.us/zones/isp/bellsouth.classfulISP BELLSOUTH http://hatcheck.org/google?bellsouth; http://hatcheck.org/sbl?bellsouthblackholes.us: Broadwing ISP (Score 5180)http://blackholes.us/broadwing.blackholes.ushttp://blackholes.us/zones/isp/broadwing.classfulISP BROADWING http://hatcheck.org/google?broadwing; http://hatcheck.org/sbl?broadwingblackholes.us: Ciberlynx Spamhaven (Score 1180)http://blackholes.us/ciberlynx.blackholes.ushttp://blackholes.us/zones/isp/ciberlynx.classfulISP CYBERLYNX http://hatcheck.org/sbl?ciberlynxCogentco (Score 2650)http://blackholes.us/cogentco.blackholes.usreformed? - abuse@cogentco.com now acting on complaints but still too high at spamhaus.orghttp://blackholes.us/zones/isp/cogentco.classfulhttp://mirror.bliab.com/bus/isp/ISP_COGENTCO.bz2ISP COGENTCO http://hatcheck.org/sbl?cogentcoblackholes.us: Cable&Wireless Spamhaven (Score 8330)http://blackholes.us/cw.blackholes.ushttp://blackholes.us/zones/isp/cw.classfulISP CW.NET http://hatcheck.org/google?cw.net; http://hatcheck.org/sbl?cwblackholes.us: Cybercon Spamhaven (Score 889)http://blackholes.us/cybercon.blackholes.ushttp://blackholes.us/zones/isp/cybercon.classfulISP CYBERCON http://hatcheck.org/google?cybercon; http://hatcheck.org/sbl?cyberconblackholes.us: ELI (Score 10400)http://blackholes.us/eli.blackholes.usprobation 2002-10-17 - slowly cleaning up the messsee http://hatcheck.org/google?author:elipdx2002%40hotmail.comhttp://blackholes.us/zones/isp/eli.classfulISP ELI.NET http://hatcheck.org/google?eli.net; http://hatcheck.org/sbl?eli.netblackholes.us: HE Spamhaven (Score 5570)abuse@ acted on complaint within hours, 2002-11-13http://blackholes.us/he.blackholes.ushttp://blackholes.us/zones/isp/he.classfulISP HE.NET http://hatcheck.org/google?he.net; http://hatcheck.org/sbl?he.netHostnoc Spamhaven, Hosting Azooglehttp://blackholes.us/hostnoc.blackholes.ushttp://blackholes.us/zones/isp/hostnoc.classfulISP HOSTNOC http://hatcheck.org/google?hostnoc; http://hatcheck.org/sbl?hostnocblackholes.us: INFLOW Spamhaven (Score 1190)http://blackholes.us/inflow.blackholes.ushttp://blackholes.us/zones/isp/inflow.classfulISP INFLOW http://hatcheck.org/google?inflow; http://hatcheck.org/sbl?inflowblackholes.us: INFOLINK Spamhost - Home of Reinertsen and Hispeedmediahttp://blackholes.us/infolink.blackholes.ushttp://blackholes.us/zones/isp/inflow.classfulISP INFOLINK http://hatcheck.org/google?infolink; http://hatcheck.org/sbl?infolinkblackholes.us: Interbusiness.ithttp://blackholes.us/interbusiness.blackholes.ushttp://blackholes.us/zones/isp/interbusiness.classfulISP INTERBUSINESS http://hatcheck.org/google?interbusiness; http://hatcheck.org/sbl?interbusinessblackholes.us: INTERNAP (Score 1460)http://blackholes.us/internap.blackholes.ushttp://blackholes.us/zones/isp/internap.classfulISP INTERNAP http://hatcheck.org/google?internap; http://hatcheck.org/sbl?internapblackholes.us: LAUDERDALE Spamhost, Home of Marin, Hardigree, Richter and morehttp://blackholes.us/lauderdale.blackholes.ushttp://blackholes.us/zones/isp/lauderdale.classfulISP LAUDERDALE Spamhost http://hatcheck.org/google?lauderdale.net; http://hatcheck.org/sbl?lauderdaleblackholes.us: Level3 (Score 13600)http://blackholes.us/level3.blackholes.ushttp://blackholes.us/zones/isp/level3.classfulISP LEVEL3 http://hatcheck.org/google?level3; http://hatcheck.org/sbl?level3blackholes.us: Pajo (cleaning up their network)http://blackholes.us/seems to actually kick spammers in early 2003removed from ISP_SAFE 2003-05-17pajo.blackholes.ushttp://blackholes.us/zones/isp/pajo.classfulISP PAJO http://hatcheck.org/google?pajo; http://hatcheck.org/sbl?pajoQwest Spamsupport, Home of Richard Burke, Scott Hirsch and othershttp://blackholes.us/qwest.blackholes.ushttp://blackholes.us/zones/isp/qwest.classfulISP QWEST http://hatcheck.org/google?qwest; http://hatcheck.org/sbl?qwestblackholes.us: Rackspace, Hosting Haberli, Azooglehttp://blackholes.us/rackspace.blackholes.ushttp://blackholes.us/zones/isp/rackspace.classfulISP RACKSPACE http://hatcheck.org/google?rackspace; http://hatcheck.org/sbl?rackspaceblackholes.us: Roadrunner (Score 136000)http://blackholes.us/rr.blackholes.ushttp://blackholes.us/zones/isp/rr.classfulISP ROADRUNNER; http://hatcheck.org/google?rr/roadrunner; http://hatcheck.org/sbl?rrSprint Spamhaven, Home of Reinertsen, Baer, Docdrugs and othershttp://blackholes.us/sprint.blackholes.ushttp://blackholes.us/zones/isp/sprint.classfulhttp://mirror.bliab.com/bus/isp/ISP_SPRINT.bz2ISP SPRINT http://hatcheck.org/sbl?sprintTelesp Brasilia, Hosting Spammers, Open Proxies, @abuse MIAhttp://spamhaus.org/sbl/listings.lasso?isp=telesphttp://mirror.bliab.com/contrib/isp_telesp.bz2http://spfilter.sourceforge.net/data/contrib/isp_telesp.bz2ISP TELESP.BR http://hatcheck.org/google?telesp; http://hatcheck.org/sbl?telespUU.NET WorldCom (Score 70800)http://spamhaus.org/sbl/listings.lasso?isp=uu.netunfortunately not available at blackholes.ushttp://mirror.bliab.com/contrib/isp_uu.bz2http://spfilter.sourceforge.net/data/contrib/isp_uu.bz2ISP UU.NET http://hatcheck.org/google?uu.net; http://hatcheck.org/sbl?uu.netblackholes.us: Valuenet Spamhaus (Score 367)http://blackholes.us/valuenet.blackholes.ushttp://blackholes.us/zones/isp/valuenet.classfulISP VALUENET http://hatcheck.org/google?valuenet; http://hatcheck.org/sbl?valuenetblackholes.us: Verio Spamhaven (Score 51300)http://blackholes.us/verio.blackholes.ushttp://blackholes.us/zones/isp/verio.classfulISP VERIO http://hatcheck.org/google?verio; http://hatcheck.org/sbl?verioblackholes.us: Wanadoo.fr (Score )http://blackholes.us/classful data not yet available at blackholes.uswanadoo-fr.blackholes.ushttp://blackholes.us/zones/isp/wanadoo-fr.classfulISP WANADOO.FR http://hatcheck.org/google?wanadooblackholes.us: XO/Concentric (Score [out of range])http://blackholes.us/xo.blackholes.ushttp://blackholes.us/zones/isp/xo.classfulISP XO/CONCENTRIC http://hatcheck.org/google?concentric; http://hatcheck.org/sbl?xoblackholes.us: Yipes (Score 1340)http://blackholes.us/yipes.blackholes.ushttp://blackholes.us/zones/isp/yipes.classfulISP YIPES http://hatcheck.org/google?yipes; http://hatcheck.org/sbl?yipeshttp://www.cymru.com/Documents/bogon-list.htmlhttp://mirror.bliab.com/bogo/BOGO.cidr.aggreg.gzhttp://www.cymru.com/Documents/bogon-bn-agg.txthttp://www.cymru.com/Documents/bogon-bn-nonagg.txtBOGON ROUTE- http://openrbl.org/whois?i=Spamsources, Proxies, multiple aggregated as /24experimental, entries expire only after few monthsexpects PERMBLOCK, SPEWS and Relay/Proxylisthttp://mirror.bliab.com/contrib/risky_net.bz2http://spfilter.sourceforge.net/data/contrib/risky_net.bz2NULLdialups, cable and adsl, usually added after spamincomplete, includes dsl-ranges, usually added after spamwarning: braeks a couple of legit mailservers on static dslhttp://mirror.bliab.com/contrib/badhost_dyna.bz2http://spfilter.sourceforge.net/data/contrib/badhost_dyna.bz2ADSL/CABLE/DIALUPentries to be ignored (overwrite)neutralize entries in other listshttp://mirror.bliab.com/contrib/badhost_ignore.bz2http://spfilter.sourceforge.net/data/contrib/badhost_ignore.bz2NULL
# WARNING: sources below contain hostnames and email-addresses
# not all application can handle (mixed) addr and host
Easynet (Wirehub!) Spamlist-Extendedhttp://abuse.easynet.nl/spamlist-usage.htmlhttp://informatie.easynet.nl/error/errors.html#addressATTN: name changed to easynet.nl 2003-05-17contains ~45000 hostnames and email-addressesrsync://informatie.easynet.nl:6666/spamblock/spamlist-extended.txtSpamListSpamming/Unwanted Hosts, Domains and Localpartsapplied to both email and reverse-dnshttp://mirror.bliab.com/contrib/risky_dom.bz2http://spfilter.sourceforge.net/data/contrib/risky_dom.bz2BadFromFreemail and other often forged Domains (MX-Check)use only if your filter handles the tag 'FREEMAIL'http://mirror.bliab.com/contrib/badfrom_freemail.bz2http://spfilter.sourceforge.net/data/contrib/badfrom_freemail.bz2FREEMAILNeutralize Entries from other Sourcesuse only if your filter handles the tag 'IGNORE'http://mirror.bliab.com/contrib/badfrom_ignore.bz2http://spfilter.sourceforge.net/data/contrib/badfrom_ignore.bz2IGNORE
# entries used for testing and quality control (soon...)
small list for testing via httphttp://spfilter.sourceforge.net/used with the spfilter Makefile: 'make test'manual usage: 'perl ./spfilter.pl -v -d TEST_LIST'http://mirror.bliab.com/contrib/test_list.bz2small list for debugging axfr $GENERATE and .exceptionhttp://spfilter.sourceforge.net/manual usage: 'perl ./spfilter.pl -v -d TEST_AXFR'\.exception$http://mirror.bliab.com/contrib/test_axfr.bz2
# output format options, all keys optional
# notation (notation): use 'reverse' for dns (default 'octet')
# option=[bindhack|tinydnshack|tcpserverhack]: special processing
# head (string): prepended on each line, usually empty
# separator (string): between $addr and $text (default "\t")
# tail (string): appended after $text (default none)
# magic_update (boolean): preserve lines not inserted by spfilter
# keys listed below may not work: (run spfilter with argument -o)
# outdir (string) write generated list into this directory
# outfile (string): specify individual filename of generated list
# macros: {AGENT}, {YYMMDD}; for dnsbl: {ZONE}, {ADDR}, {TTL}
# todo: macros {OUTFILE}, {SOURCES}, {HOSTNAME}
generic tab-delimited badfrom, safe for scriptingsame as octets.tab, but for use with hostnames and badfromlegacy, will be removed soon# experimental extensions by {AGENT}:
# EXCEPTION, IGNORE or DUNNNO: do not include any matching records in output
# WHITELIST, OK or 250: pass entry, sendmail will whitelist on this keyword
# FREEMAIL or MXCHECK: pass entry, rcptfilter will deny if not from mx
stock sendmail with SPAMFRIENDhttp://www.sendmail.org/m4/anti-spam.html# reference see http://www.sendmail.org/m4/anti-spam.html
Connect:10 RELAY
Connect:127.0.0 RELAY
Connect:192.168 RELAY
To:abuse@ SPAMFRIEND
To:postmaster@ SPAMFRIEND
To:nofilter@ SPAMFRIEND
127.0.0.2 553 Test sendmail_access {AGENT} (20{YYMMDD})
# run 'makemap hash /etc/mail/access < SPFILTER.sendmail'
"553 "postfix (without quotes)http://www.postfix.org/# reference see http://www.postfix.org/access.5.html
10 OK
127.0.0 OK
192.168 OK
127.0.0.2 553 Test postfix {AGENT} (20{YYMMDD})
# needs: smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/spfilter_access, ...
553 qmail with anti-uce-patches (set variable DENYMAIL)http://www.qmail.org/tcprules also takes notation 'ranges' (not implemented)# qmail with consolidated anti-uce patches
# run tcprules tcprules.dat tcprules.tmp < ./outdir/SPFILTER.qmail_uce
10.:allow,DENYMAIL=""
127.0.0.:allow,DENYMAIL="",RELAYCLIENT=""
192.168.:allow,DENYMAIL=""
127.0.0.2:allow,DENYMAIL="553 Test qmail_uce {AGENT} (20{YYMMDD})"
:allow,DENYMAIL=""qmail with rblsmtpd (set variable RBLSMTPD)http://cr.yp.to/ucspi-tcp/rblsmtpd.html# rblsmtpd only returns temporary error (451) by default
# use 'rblsmtpd -b -C' for permanent and failsafe rejection (553)
# run 'tcprules tcprules.dat tcprules.tmp < ./outdir/SPFILTER.rblsmtpd'
10.:allow,RBLSMTPD=""
127.0.0.:allow,RBLSMTPD="",RELAYCLIENT=""
192.168.:allow,RBLSMTPD=""
127.0.0.2:allow,RBLSMTPD="Test rblsmtpd {AGENT} (20{YYMMDD})"
:allow,RBLSMTPD=""tcpserver (reject connection right away, text unused)http://cr.yp.to/ucspi-tcp/tcpserver.htmljust to keep them out of the maillog...drop connection on sight, insane clients may dos you for thattcpserver requires 'option="tcpserverhack"', append dot to partial octets:deny,DENYMAIL=""courier-mta (set variable BLOCK)http://courier-mta.org/makedat also takes 'cidr' and 'ranges' if Net::CIDR installed# courier-mta etc/smtpaccess
10 allow,BLOCK="",RELAYCLIENT,REQUIRECERT="NO",BOFHBADMIME="accept"
127.0.0 allow,BLOCK="",RELAYCLIENT,REQUIRECERT="NO",BOFHBADMIME="accept"
192.168 allow,BLOCK="",RELAYCLIENT,REQUIRECERT="NO",BOFHBADMIME="accept"
127.0.0.2 allow,BLOCK="Test courier {AGENT} (20{YYMMDD})"
# run '/usr/libexec/courier/bin/makesmtpaccess'
allow,BLOCK="553 "couriertcpd (reject connection right away, text unused)just to keep them out of the maillog... deny,BLOCK=""eximhttp://www.exim.org/working config examples needed!# exim
needs: host_reject_recipients = net-lsearch;/etc/mail/host_reject
# note: exim also supports cdb as generated by spfilter
127.0.0.2:Test exim {AGENT} (20{YYMMDD})
:BerkeleyDB v3+ Btreehttp://www.sleepycat.com/docs/utility/null-terminated, compatible with postfix and Ccompile: db_load -f SPFILTER.db_dump -T -t btree SPFILTER.dbATTN: dont mess up format definition belowVERSION=3
format=print
type=btree
HEADER=END
\00
\00reverse octets, common csv format (quoted),"553 "Michael Tokarev lightweight dnsbl-serverhttp://www.corpit.ru/mjt/rbldnsd/no options needed at all:127.0.0.2:http://openrbl.org/$
dnsbl performance test; #server {ADDR}
; #port 53
; #maxwait 1
.{ZONE} A ;.{ZONE} TXTdnsbl-in-a-box with bindspecify name and ip with -z {ZONE},{ADDR},{TTL}bind requires option=bindhack, limits txt to 255 chars and changes commentchar to ;delegate zone {ZONE} to nameserver at {ADDR}; bind zone {ZONE}., nameserver on [{ADDR}]
; in named.conf specify: zone "{ZONE}" { type master; file "SPFILTER.bind"; };
$TTL {TTL} ; {default ttl for positive answers}
$ORIGIN {ZONE}.
@ SOA {ZONE}. root.{ZONE}. (
20{YYMMDD}00 ; serial no.
10800 ; refresh {interval for syncing slaves}
3600 ; retry {retry per hour on failures}
604800 ; expire {remove dead slave zone after 7 days}
21600) ; minimum {ttl for negative answers}
; authoritative nameserver
@ 86400 NS {ZONE}.
@ 86400 MX 100 {ZONE}. ; {mailserver assumed on same address}
@ 86400 A {ADDR} ; {website assumed on same address}
www 86400 A {ADDR} ; {website assumed on same address}
; test-entries
about TXT "zone built by {AGENT} (20{YYMMDD})"
2.0.0.127 TXT "Test bind {ZONE} [{ADDR}] (20{YYMMDD})"
2.0.0.127 A 127.0.0.2 ; {every dnsbl should have that}
TXT "" A 127.0.0.2dnsbl-in-a-box with djb's tinydnsspecify name and ip with -z {ZONE},{ADDR},{TTL}tinydns requires option="tinydnshack", expand macro {ZONE} and transform :delegate zone {ZONE} to nameserver at {ADDR}# statically define zone '{ZONE}' at address {ADDR} for tinydns
Z.{ZONE}:{ZONE}:root.{ZONE}.:20{YYMMDD}00:14400:3600:604800:28800:{TTL}:
&{ZONE}::{ZONE}:86400:
^{ADDR}:{ZONE}:86400:
@{ZONE}::{ZONE}:100:86400:
+{ZONE}:{ADDR}:86400:
+www.{ZONE}:{ADDR}:86400:
'2.0.0.127.{ZONE}:Test {ZONE} {AGENT} {YYMMDD} http\072//spfilter.sourceforge.net/:
+2.0.0.127.{ZONE}:127.0.0.2:{TTL}
# run 'cp ./outdir/SPFILTER.tinydns ./data; tinydns-data'
# test1: dig @{ADDR} 2.0.0.127.{ZONE} any
# test2: dig 2.0.0.127.{ZONE} any
'.{ZONE}:+.{ZONE}:127.0.0.2:{TTL}parse sources into mysql# created by {AGENT} on 20{YYMMDD}
DROP TABLE IF EXISTS spfilter;
CREATE TABLE spfilter (
addr varchar(16) NOT NULL default '',
text varchar(127) NOT NULL default '',
KEY addr (addr)
);
# query: SELECT * from spfilter WHERE addr='$a.$b.$c.$d' OR addr='$a.$b.$c';
# tip: insert into non-indexed db and create the index later will be faster
# note: sould really use LOAD DATA INFILE and read from csv above
INSERT INTO spfilter VALUES ('','');
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQE/px9tBR/CjSa9zvMRAqE4AJ0QPJcecQf6OgYaR7uDTM/LyCr7DwCgiQ3z
Vv+CVN3DculC9744lyXg1j8=
=OoXg
-----END PGP SIGNATURE-----